Can't connect after upgrade to openssl-1.0.1e-30.el6.9

Hi All,

I upgraded one of our XtraDB Cluster nodes and a client system on CentOS to openssl-1.0.1e-30.el6.9 and can no longer connect to and mysql node from the cli client or php when using ssl. Even on the same host (connecting using when requiring ssl on the user account. Galera replication works fine between the nodes though and it’s ssl encrypted.

This is the error from the mysql (percona) cli client:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)

Downgrade to the previous CentOS release of openssl (1.0.1e-30.el6.8) resolves the problem.

One change in this release of openssl that could be related is that the client will reject DH keys below 768 bits. Does anyone know the DH key size used in XtraDB Cluster?

We’re running


I have the same problem on a debian system. I was using the latest percona-xtradb-cluster from percona repository. I even upgraded to debian 8 and the problem persisted. The standard mysql server 5.6.25 from repository works just fine.